Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/index.jsView file
65if ((0, import_node_fs.existsSync)(CONFIG_PATH)) {
L66: return JSON.parse((0, import_node_fs.readFileSync)(CONFIG_PATH, "utf8"));
L67: }
...
L174: function loadApiKey() {
L175: const envKey = process.env["DRIFTLESS_API_KEY"];
L176: if (envKey) return envKey;
...
L247: if (json) {
L248: process.stderr.write(JSON.stringify({ profile: { stages: stageMarks, http: profileEntries, totals: { httpMs, bytes, calls: profileEntries.length, totalMs } } }) + "\n");
L249: return;
...
L380: "use strict";
L381: import_node_http = require("node:http");
L382: import_node_https = require("node:https");
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/index.jsView on unpkg · L65Findings
1 High3 Medium5 Low
HighSandbox Evasion Gated Capabilitydist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings